The North Korean IT personnel group used over 30 fake identities to gain developer access, engaging in illegal activities across multiple digital platforms.

They carried out attacks targeting the Favrr platform with damage amounts reaching $680,000, while using Google's tools, VPNs, and AI services to cover their tracks and expand their operational scope.

MAIN CONTENT

  • The North Korean group created over 30 fake identities and rented Upwork and LinkedIn accounts.

  • Related to the $680,000 attack on the Favrr platform in June 2025.

  • Google tools and VPNs were used for scheduling, language translation, and hiding IP addresses.

How does the North Korean IT personnel group operate?

This small group uses over 30 fake identities to secure developer positions, renting Upwork and LinkedIn accounts and buying accounts based on government IDs.

Using AnyDesk management software in their attacks, they accessed important data including Google Drive files, Chrome profiles, and screenshots. This shows a high level of technical expertise and organization, posing a significant challenge to security.

How does this relate to the Favrr attack and what is the scale of the organization?

The wallet address 0x78e1 has been identified as closely related to the attack on the Favrr platform, which caused a loss of $680,000 in June 2025.

The group exploited Google's tools to plan work, purchase social security numbers, and register for AI services. It also used VPNs to hide its real IPs and translated text via Google Translate, showing careful preparation and multitasking in its criminal activities.

“The fact that this group can create dozens of fake identities and operate across multiple electronic platforms demonstrates a high level of sophistication and weaknesses in the recruitment management and security coordination of related services.”

Cybersecurity expert, 2025

What is the major challenge in preventing this activity?

The lack of tight coordination between services and negligence in the recruitment process make it difficult to detect and promptly prevent fraud and cyber attacks.

The fact that these personnel use Russian IPs and VPN services to conceal their activities also increases the difficulty of tracing, requiring enhanced technical and legal capabilities to address.

What solutions can be applied to limit similar incidents?

Tightening user identity checks through job platforms and enhancing the application of technology to monitor unusual behavior will help mitigate risks from fake identities.

In addition, close multinational cooperation in controlling IPs, VPNs, and checking various forms of technology service registrations is necessary to enhance the effectiveness of cybercrime prevention.

How should technical solutions be implemented to prevent threats?

Prioritize the application of AI and machine learning to detect unusual behavior patterns from fake identities, along with a real-time alert system to support security teams in quick responses.

At the same time, raise awareness among employers and administrators about security risks, collaborating with experts to better control access rights and endpoints.

Where have similar cases occurred, and what was the impact?

Similar incidents show that cybercriminal groups often exploit online job platforms to create fake identities and carry out large-scale attacks, causing serious financial damage.

According to recent reports, this activity not only affects one platform but poses a risk of spreading to blockchain and DeFi systems.

Can the severity of this incident be compared to other attacks?

| Criteria | Attack on Favrr (6/2025) | Typical Cyber Attack |
| --- | --- | --- |
| Financial Damage | $680,000 | Usually under $100,000 |
| Number of fake identities used | Over 30 | Usually under 10 |
| Scope of Impact | Blockchain platforms and related services | Primarily single platforms |
| Technical Complexity | High, using VPN, AI, Google services | Low to medium |

Frequently Asked Questions

What form of fraud has the North Korean group used?

They created over 30 fake identities, using Upwork and LinkedIn accounts purchased based on government IDs to secure developer positions.

What is the financial damage caused by the Favrr attack?

Why is controlling fake identities challenging?

The lack of coordination between services, along with the use of VPNs and foreign IPs, complicates the detection and response process.

What solutions help prevent fraudulent activities?

Tighten identity checks and apply AI to detect unusual behavior in the network environment.

Which field is affected by this group's activities?

They directly impact blockchain platforms, DeFi services, and the digital work environment.

Source: https://tintucbitcoin.com/it-trieu-tien-tan-cong-tien-ao/
